PrivacyPolicy
Your privacy is important to us. Learn how we collect, use, and protect your information in compliance with GDPR, CCPA, and Iraqi regulations.
Introduction
Tatweer for Information and Communication Technology
This Privacy Policy explains how Tatweer for Information and Communication Technology ('Tatweer', 'we', 'us', or 'our') collects, uses, shares, and protects your personal information in compliance with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Iraqi data protection regulations.
Legal Basis for Processing
We process your personal data based on:
- Consent: You have given clear consent for us to process your personal data for specific purposes
- Contract: Processing is necessary for a contract with you
- Legal Obligation: Processing is necessary to comply with the law
- Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party
This policy applies to all visitors, users, and others who access our services
1. Information We Collect
We collect information you provide directly to us and information we obtain automatically when you use our services.
Personal Information
Information that identifies you as an individual, including:
- Full name and contact details (email, phone number)
- Company name and job title
- Postal address and location data
- Login credentials and account information
- Professional qualifications and resume details (for job applications)
Technical Information
Data collected automatically when you use our website:
- IP address and browser type
- Device information and operating system
- Referring URLs and pages visited
- Time and date of access
- Cookies and similar tracking technologies
Communication Data
Information from your interactions with us:
- Messages sent through contact forms
- Email correspondence and support tickets
- Feedback, reviews, and survey responses
- Phone call recordings (when notified)
Business Information
For clients and partners:
- Project requirements and specifications
- Contract and billing information
- Service usage and performance metrics
- Business communications and documentation
2. How We Use Your Information
We use the information we collect for the following purposes, based on legitimate legal grounds:
Service Delivery
To provide, maintain, and improve our ICT services and solutions
Communication
To respond to inquiries, provide customer support, and send service updates
Contract Management
To manage client relationships, process orders, and fulfill contractual obligations
Marketing
To send promotional materials about our services (with your consent)
Analytics & Improvement
To analyze usage patterns, optimize website performance, and enhance user experience
Security & Fraud Prevention
To protect against unauthorized access, fraud, and security threats
Legal Compliance
To comply with legal obligations, resolve disputes, and enforce our agreements
Recruitment
To process job applications and manage the hiring process
3. Third-Party Sharing & Data Processors
We may share your information with trusted third-party service providers who assist us in operating our business. All third parties are contractually obligated to protect your data:
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We may disclose your information when required by law, court order, or government regulation, or to protect our legal rights and safety.
4. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
After the retention period expires, we securely delete or anonymize your personal data. You may request earlier deletion subject to our legal obligations.
5. Data Security
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
Encryption
All data transmitted between your browser and our servers is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted using AES-256 encryption.
Access Controls
Strict role-based access controls ensure only authorized personnel can access personal data. Multi-factor authentication (MFA) is required for administrative access.
Security Monitoring
24/7 security monitoring, intrusion detection systems, and regular security audits to identify and prevent threats.
Data Backup
Regular encrypted backups stored in secure, geographically distributed locations with strict access controls.
Employee Training
All employees receive regular training on data protection, privacy best practices, and security protocols.
Incident Response
Comprehensive data breach response plan to quickly identify, contain, and notify affected parties of any security incidents.
While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
6. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience and analyze website usage.
Cookies are small text files stored on your device when you visit our website.
You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.
7. International Data Transfers
Your data may be transferred to and processed in countries other than Iraq:
We may transfer data to servers located in the European Union, United States, or other countries where our service providers operate.
When transferring data internationally, we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Ensuring recipients are located in countries with adequate data protection laws
- Implementing additional security measures for sensitive data transfers
You have the right to obtain information about the safeguards we use for international transfers.
8. Children's Privacy
Our services are not directed to individuals under the age of 16.
We do not knowingly collect personal information from children under 16 years of age. If you are under 16, please do not provide any personal information through our website.
If we learn that we have collected personal data from a child under 16 without parental consent, we will delete that information as quickly as possible.
If you believe we have collected information from a child under 16, please contact us immediately at privacy@tatweer.iq.
9. Your Privacy Rights
Under GDPR, CCPA, and Iraqi regulations, you have the following rights regarding your personal information:
GDPR Rights (EU Residents)
Right to Access
Request a copy of the personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Restriction
Request limitation of processing of your data
Right to Data Portability
Receive your data in a structured, machine-readable format
Right to Object
Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint
File a complaint with your local data protection authority
CCPA Rights (California Residents)
Right to Know
Know what personal information is collected, used, shared, or sold
Right to Delete
Request deletion of personal information
Right to Opt-Out
Opt-out of the sale of personal information (we do not sell data)
Right to Non-Discrimination
Not be discriminated against for exercising your privacy rights
To exercise your rights, please contact us at privacy@tatweer.iq. We will respond to your request within 30 days (GDPR) or 45 days (CCPA).
We may require verification of your identity before processing your request to protect your privacy and security.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
We will notify you of any material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email notification to registered users (for significant changes)
- Displaying a prominent notice on our website
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
11. Contact Us & Data Protection Officer
If you have any questions about this Privacy Policy, wish to exercise your rights, or need to report a privacy concern, please contact us:
Data Protection Inquiries
You can reach our privacy team at privacy@tatweer.iq
We will respond to all requests within 30 days.
Supervisory Authority
If you are located in the EU, you have the right to lodge a complaint with your local data protection supervisory authority. For residents of Iraq, you may contact relevant Iraqi regulatory authorities regarding data protection concerns.